FROM ubuntu:18.04

RUN apt-get update && apt-get install -y --no-install-recommends \
    curl jq git lsb-release unzip vim sudo \
    apt-transport-https apt-utils ca-certificates gnupg \
    && apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
    # unzip used once

ENV DEBIAN_FRONTEND=noninteractive
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=true

# JAVA
ENV JAVA_HOME /usr/lib/jvm/java-bellsoft-amd64
ENV PATH "${JAVA_HOME}/bin:${PATH}"
RUN JAVA_MAJOR_VERSION="11" \
    && JDK_METADATA="jdk-metadata.json" \
    && curl -sLo "${JDK_METADATA}" "https://api.bell-sw.com/v1/liberica/releases?version-modifier=latest&os=linux&release-type=lts&bitness=64&package-type=tar.gz&bundle-type=jdk&arch=x86" \
    && JDK_VERSION="$(jq -r ".[] | select(.featureVersion | contains("${JAVA_MAJOR_VERSION}")).version" "${JDK_METADATA}")" \
    && JDK_ARCHIVE_URL="$(jq -r ".[] | select(.featureVersion | contains("${JAVA_MAJOR_VERSION}")).downloadUrl" "${JDK_METADATA}")" \
    && JDK_ARCHIVE="$(basename "${JDK_ARCHIVE_URL}")" \
    && curl -sLo "${JDK_ARCHIVE}" "${JDK_ARCHIVE_URL}" \
    && mkdir -p "${JAVA_HOME}" \
    && tar -xf "${JDK_ARCHIVE}" -C "${JAVA_HOME}" --strip-components=1 \
    && rm -rf "${JDK_ARCHIVE}" "${JDK_METADATA}" \
    && "${JAVA_HOME}"/bin/java -version
#/JAVA

# CHROME; see https://github.com/justinribeiro/dockerfiles/blob/c87217ebfeced3f0088f6559b799ed85f495ddff/chrome-headless/Dockerfile#L31-L51
RUN curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
	&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
	&& apt-get update \
	&& apt-get install -y --no-install-recommends \
	google-chrome-stable \
	fontconfig \
	fonts-ipafont-gothic \
	fonts-wqy-zenhei \
	fonts-thai-tlwg \
	fonts-kacst \
	fonts-symbola \
	fonts-noto \
    libgconf-2-4 \
    libxss1 \
    libasound2 \
    libnss3-tools \
    && apt-get install -y --no-install-recommends libosmesa6 \
        && ln -s /usr/lib/x86_64-linux-gnu/libOSMesa.so.8 \
                 /opt/google/chrome/libosmesa.so \
    && apt-get install -y --no-install-recommends libatk-bridge2.0-0 \
        && ln -s /usr/lib/x86_64-linux-gnu/libatk-bridge-2.0.so.0 \
                 /opt/google/chrome/ \
    && apt-get install -y --no-install-recommends libgtk-3-0 \
        && ln -s /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 \
                 /opt/google/chrome/ \
    && apt-get install -y --no-install-recommends libgdk3.0-cil \
        && ln -s /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 \
                 /opt/google/chrome/ \
    && export CHROMEDRIVER_VERSION=$(curl -sS chromedriver.storage.googleapis.com/LATEST_RELEASE_$(google-chrome --version | cut -f 3 -d ' ' | cut -f 1,2,3 -d '.')) \
    && curl -sfLO https://chromedriver.storage.googleapis.com/${CHROMEDRIVER_VERSION}/chromedriver_linux64.zip \
    && unzip chromedriver_linux64.zip -d /usr/bin/ \
    && rm chromedriver_linux64.zip \
    && ln -s /usr/bin/chromedriver /usr/local/bin/ \
    && apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
    # ^ TODO: WHY IS THE BINARY NEEDED IN TWO PLACES?
#/CHROME

# LDAP; see https://help.ubuntu.com/lts/serverguide/openldap-server.html
RUN apt-get update && apt-get install -y --no-install-recommends \
    gnutls-bin slapd ldap-utils ssl-cert \
    && apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
    && certtool --generate-privkey > /etc/ssl/private/cakey.pem \
    && echo "cn = Pivotal Software Test"    >> /etc/ssl/ca.info \
    && echo "  ca"                          >> /etc/ssl/ca.info \
    && echo "  cert_signing_key"            >> /etc/ssl/ca.info \
    && certtool --generate-self-signed --load-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ca.info --outfile /etc/ssl/certs/cacert.pem \
    && certtool --generate-privkey --bits 1024 --outfile /etc/ssl/private/ldap01_slapd_key.pem \
    && echo "organization = Pivotal Software Test"  >> /etc/ssl/ldap01.info \
    && echo "    cn = ldap01.example.com"           >> /etc/ssl/ldap01.info \
    && echo "    tls_www_server"                    >> /etc/ssl/ldap01.info \
    && echo "    encryption_key"                    >> /etc/ssl/ldap01.info \
    && echo "    signing_key"                       >> /etc/ssl/ldap01.info \
    && echo "    expiration_days = 3650"            >> /etc/ssl/ldap01.info \
    && certtool --generate-certificate --load-privkey /etc/ssl/private/ldap01_slapd_key.pem --load-ca-certificate /etc/ssl/certs/cacert.pem --load-ca-privkey /etc/ssl/private/cakey.pem --template /etc/ssl/ldap01.info --outfile /etc/ssl/certs/ldap01_slapd_cert.pem \
    && adduser openldap ssl-cert \
    && chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem \
    && chmod 0640 /etc/ssl/private/ldap01_slapd_key.pem \
    && echo "dn: cn=config"                                                     >> /etc/ssl/certinfo.ldif \
    && echo "changetype: modify"                                                >> /etc/ssl/certinfo.ldif \
    && echo "add: olcTLSCACertificateFile"                                      >> /etc/ssl/certinfo.ldif \
    && echo "olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem"                >> /etc/ssl/certinfo.ldif \
    && echo "-"                                                                 >> /etc/ssl/certinfo.ldif \
    && echo "add: olcTLSCertificateFile"                                        >> /etc/ssl/certinfo.ldif \
    && echo "olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem"       >> /etc/ssl/certinfo.ldif \
    && echo "-"                                                                 >> /etc/ssl/certinfo.ldif \
    && echo "add: olcTLSCertificateKeyFile"                                     >> /etc/ssl/certinfo.ldif \
    && echo "olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem"   >> /etc/ssl/certinfo.ldif \
    && service slapd start \
    && ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif \
    && sed -i "s/^SLAPD_SERVICES.*/SLAPD_SERVICES=\"ldap\:\/\/\/ ldapi\:\/\/\/ ldaps\:\/\/\/\"/g" /etc/default/slapd \
    && echo "#!/usr/bin/env bash"                                               >> /bin/start-slapd \
    && echo "set -eu -o pipefail"                                               >> /bin/start-slapd \
    && echo "echo '# docker build will not persist /etc/hosts'  >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '# ------------- UAA DNS ------------- #'     >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '127.0.0.1 oidcloginit.localhost'             >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '127.0.0.1 testzone1.localhost'               >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '127.0.0.1 testzone2.localhost'               >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '127.0.0.1 testzone3.localhost'               >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '127.0.0.1 testzone4.localhost'               >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '127.0.0.1 testzoneinactive.localhost'        >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '127.0.0.1 testzonedoesnotexist.localhost'    >> /etc/hosts"  >> /bin/start-slapd \
    && echo "echo '# ------------- UAA DNS ------------- #'     >> /etc/hosts"  >> /bin/start-slapd \
    && echo "pgrep slapd || service slapd start"                                >> /bin/start-slapd \
    && chmod 0755 /bin/start-slapd
#/LDAP

# DATABASES
# DATABASES-POSTGRESQL
RUN apt-get update && apt-get install -y --no-install-recommends \
    postgresql postgresql-contrib \
    && apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
    && echo "#!/usr/bin/env bash"                                               >> /bin/start-postgresql \
    && echo "set -eu -o pipefail"                                               >> /bin/start-postgresql \
    && echo "service postgresql start"                                          >> /bin/start-postgresql \
    && echo "while ! sudo -u postgres psql -c 'select 1'; do sleep 1; done;"    >> /bin/start-postgresql \
    && chmod 0755 /bin/start-postgresql
#/DATABASES-POSTGRESQL

# DATABASES-MYSQL-OR-PERCONA
RUN export PERCONA_DEB="percona-release_latest.$(lsb_release -sc)_all.deb" \
    && curl -sLo ${PERCONA_DEB} https://repo.percona.com/apt/${PERCONA_DEB} \
    && dpkg -i ${PERCONA_DEB} && rm ${PERCONA_DEB} \
    && apt-get update && apt-get install -y --no-install-recommends \
# MYSQL - collides with PERCONA
    mysql-server \
# MYSQL - collides with PERCONA
# PERCONA - collides with MYSQL
#    percona-server-server-5.7 mysql-client \
#/PERCONA - collides with MYSQL
    && apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
    && sudo mysql_ssl_rsa_setup --uid=mysql \
    && echo "#!/usr/bin/env bash"                                                   >> /bin/start-mysql \
    && echo "set -eu -o pipefail"                                                   >> /bin/start-mysql \
    && echo "find /var/lib/mysql -type f -exec touch {} \; && service mysql start"  >> /bin/start-mysql \
    && echo "while ! mysql -e 'select 1'; do sleep 1; done;"                        >> /bin/start-mysql \
    && chmod 0755 /bin/start-mysql
# DATABASES-MYSQL-OR-PERCONA
#/DATABASES

# PROJECT_SETUP
ENV DB_NAME=uaa
ENV DB_USER=root
ENV DB_PASS=changeme
ENV NUM_DBS=24

RUN /bin/start-mysql \
    && echo "[mysql]"               >> "${HOME}/.my.cnf" \
    && echo "password=${DB_PASS}"   >> "${HOME}/.my.cnf" \
    && mysql -e "ALTER USER '${DB_USER}'@'localhost' IDENTIFIED WITH mysql_native_password BY '${DB_PASS}';" \
    # -----------^ change root from `auth_socket` to `mysql_native_password` so that `-h 127.0.0.1` works
    && mysql -e "CREATE DATABASE ${DB_NAME} DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" \
    && for i in $(seq 1 ${NUM_DBS}); do mysql -e "CREATE DATABASE ${DB_NAME}_${i} DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" ; done

RUN /bin/start-postgresql \
    && sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH SUPERUSER PASSWORD '${DB_PASS}';" \
    && sudo -u postgres createdb "${DB_USER}" \
    && sudo -u postgres createdb "${DB_NAME}" \
    && for i in $(seq 1 ${NUM_DBS}); do sudo -u postgres createdb "${DB_NAME}_${i}" ; done

COPY ldap_db_init.ldif copy_of-uaa_src_main_resources_ldap_init.ldif /ldap/
RUN /bin/start-slapd \
    && ldapadd -Y EXTERNAL -H ldapi:/// -f /ldap/ldap_db_init.ldif \
    && ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f /ldap/copy_of-uaa_src_main_resources_ldap_init.ldif \
    && rm -rf /ldap/
#/PROJECT_SETUP
